Re: [HACKERS] TODO list updated

Bruce Momjian <pgman@candle.pha.pa.us>

From: Bruce Momjian <pgman@candle.pha.pa.us>
To: The Hermit Hacker <scrappy@hub.org>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2000-01-13T17:25:21Z
Lists: pgsql-hackers
> On Thu, 13 Jan 2000, Tom Lane wrote:
> 
> > Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > >> You can't securely do
> > >> echo $PASSWORD | backend
> > >> or
> > >> echo $PASSWORD > allegedly-secure-temp-file
> > 
> > > This is secure.  echo is a shell builtin, and does not invoke a separate
> > > process with arguments.
> > 
> > echo is a builtin in ksh and derivatives, but I don't think it's safe
> > to assume it is a builtin everywhere...
> 
> bash-2.03$ which echo
> /usr/slocal/bin/echo
> 

which is an external program looking for another external program.  From
bash:

	#$ type echo
	echo is a shell builtin
	#$ which which
	/usr/bin/which

-- 
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026